Changeset 1913
- Timestamp:
- 01/26/11 22:01:22 (2 years ago)
- Location:
- trunk/pdns/pdns
- Files:
-
- 5 modified
-
botan19signers.cc (modified) (6 diffs)
-
dnssecinfra.cc (modified) (3 diffs)
-
dnssecinfra.hh (modified) (1 diff)
-
pdnssec.cc (modified) (1 diff)
-
polarrsakeyinfra.cc (modified) (7 diffs)
trunk/pdns/pdns/botan19signers.cc
r1912 r1913 1 // utf-8 UTF-8 utf8 UTF8 1 2 #include <botan/botan.h> 2 3 #include <botan/ecdsa.h> 3 4 #include <botan/gost_3410.h> 5 #include <botan/gost_3411.h> 6 #include <botan/sha2_32.h> 7 #include <botan/sha2_64.h> 4 8 #include <botan/pubkey.h> 5 9 #include <botan/look_pk.h> … … 12 16 "The National Anthem of the Russian Federation" 13 17 14 ~ Rossiya - svyashchennaya nasha derzhava, ~18 ~ Rossiya - svyashchennaya nasha derzhava, ~ 15 19 ~ Rossiya - lyubimaya nasha strana. ~ 16 20 ~ Moguchaya volya, velikaya slava - ~ … … 25 29 std::string getPubKeyHash() const; 26 30 std::string sign(const std::string& hash) const; 31 std::string hash(const std::string& hash) const; 27 32 bool verify(const std::string& hash, const std::string& signature) const; 28 33 std::string getPublicKeyString() const; … … 184 189 } 185 190 191 std::string GOSTDNSPrivateKey::hash(const std::string& orig) const 192 { 193 SecureVector<byte> result; 194 195 GOST_34_11 hasher; 196 result= hasher.process(orig); 197 198 return string((const char*)result.begin(), (const char*) result.end()); 199 } 200 186 201 bool GOSTDNSPrivateKey::verify(const std::string& hash, const std::string& signature) const 187 202 { … … 207 222 std::string getPubKeyHash() const; 208 223 std::string sign(const std::string& hash) const; 224 std::string hash(const std::string& hash) const; 209 225 bool verify(const std::string& hash, const std::string& signature) const; 210 226 std::string getPublicKeyString() const; … … 344 360 } 345 361 362 std::string ECDSADNSPrivateKey::hash(const std::string& orig) const 363 { 364 SecureVector<byte> result; 365 if(getBits() == 256) { // SHA256 366 SHA_256 hasher; 367 result= hasher.process(orig); 368 } 369 else { // SHA384 370 SHA_384 hasher; 371 result = hasher.process(orig); 372 } 373 374 return string((const char*)result.begin(), (const char*) result.end()); 375 } 376 377 346 378 bool ECDSADNSPrivateKey::verify(const std::string& hash, const std::string& signature) const 347 379 { -
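Review bot: ECDSADNSPrivateKey::hash silently falls through to SHA-384 for any key size other than 256, whereas RSADNSPrivateKey::hash in this same changeset throws for an algorithm it does not know; make the second branch explicit, `else if(getBits() == 384) { SHA_384 hasher; result = hasher.process(orig); }` followed by `else throw std::runtime_error("ECDSA hashing: unsupported key size");`. This matters because dnssecinfra.cc now obtains the digest through DNSPrivateKey::make(algorithm) on a freshly constructed object, so whatever getBits() returns before any key material is loaded decides between SHA-256 and SHA-384 — if that is not reliably 256 or 384 for a fresh algorithm-13/14 object the wrong digest would be chosen without any error, which is worth confirming. The parameter in both new declarations is named `hash`, the same as the method; `data` (or `orig`, as the definitions use) reads less confusingly.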
trunk/pdns/pdns/dnssecinfra.cc
r1909 r1913 10 10 #include "dnssecinfra.hh" 11 11 #include "dnsseckeeper.hh" 12 13 #include <polarssl/sha1.h> 14 #include <polarssl/sha2.h> 15 #include <polarssl/sha4.h> 12 #include "polarssl/sha1.h" 16 13 #include <boost/assign/std/vector.hpp> // for 'operator+=()' 17 14 #include <boost/assign/list_inserter.hpp> … … 122 119 } 123 120 124 // algorithm 12 needs special GOST hash 125 126 if(rrc.d_algorithm <= 7 ) { // RSASHA1 127 unsigned char hash[20]; 128 sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); 129 return string((char*)hash, sizeof(hash)); 130 } else if(rrc.d_algorithm == 8 || rrc.d_algorithm == 13) { // RSASHA256 or ECDSAP256 131 unsigned char hash[32]; 132 sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); 133 return string((char*)hash, sizeof(hash)); 134 } else if(rrc.d_algorithm == 10) { // RSASHA512 135 unsigned char hash[64]; 136 sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); 137 return string((char*)hash, sizeof(hash)); 138 } else if(rrc.d_algorithm == 14) { // ECDSAP384 139 unsigned char hash[48]; 140 sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 1); // == 384 141 return string((char*)hash, sizeof(hash)); 142 } 143 else { 144 cerr<<"No idea how to hash for algorithm "<<(int)rrc.d_algorithm<<endl; 145 exit(1); 146 } 121 shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(rrc.d_algorithm)); 122 return dpk->hash(toHash); 147 123 } 148 124 … … 153 129 toHash.append(const_cast<DNSKEYRecordContent&>(drc).serialize("", true, true)); 154 130 155 unsigned char hash[32]; 156 if(digest==1) 157 sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); 158 else 159 sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); 160 131 161 132 DSRecordContent dsrc; 133 if(digest==1) { 134 shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(5)); // gives us SHA1 135 dsrc.d_digest = dpk->hash(toHash); 136 } 137 else if(digest == 2) { 138 shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(8)); // gives us 
SHA256 139 dsrc.d_digest = dpk->hash(toHash); 140 } 141 else if(digest == 3) { 142 shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(12)); // gives us GOST 143 dsrc.d_digest = dpk->hash(toHash); 144 } 145 162 146 dsrc.d_algorithm= drc.d_algorithm; 163 147 dsrc.d_digesttype=digest; 164 148 dsrc.d_tag=const_cast<DNSKEYRecordContent&>(drc).getTag(); 165 dsrc.d_digest.assign((const char*)hash, digest == 1 ? 20 : 32);166 149 return dsrc; 167 150 } -
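Review bot: makeDSFromDNSKey now returns a DS record with an empty d_digest when `digest` is anything other than 1, 2 or 3 — the old code always filled the buffer — so a caller passing digest type 4 (SHA-384) or a mistyped value gets a well-formed but bogus DS instead of an error; the if/else-if chain needs a terminal `else throw std::runtime_error("makeDSFromDNSKey: unsupported DS digest type");`. The function's opening lines are outside this hunk. In the first hunk, the replacement `shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(rrc.d_algorithm)); return dpk->hash(toHash);` drops the old explicit "No idea how to hash for algorithm" exit; whether an unknown algorithm now throws or yields a null pointer depends on DNSPrivateKey::make(), which is not visible here, and if it can return NULL a check before `dpk->hash` is needed. That function's signature is also outside the hunk.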
trunk/pdns/pdns/dnssecinfra.hh
r1909 r1913 15 15 virtual std::string getPubKeyHash()const =0; 16 16 virtual std::string sign(const std::string& hash) const =0; 17 virtual std::string hash(const std::string& hash) const =0; 17 18 virtual std::string getPublicKeyString()const =0; 18 19 virtual int getBits() const =0; -
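Review bot: The new pure virtual `hash` carries a parameter named after the method itself and no comment saying which digest is meant, although that is exactly what the callers in dnssecinfra.cc rely on (they choose an algorithm number purely to obtain a digest). Suggest `virtual std::string hash(const std::string& data) const =0;` preceded by `// digest 'data' with the hash function mandated for this key's DNSSEC algorithm number (e.g. SHA-256 for 8 and 13, GOST R 34.11-94 for 12)`. Adding a pure virtual also breaks any DNSPrivateKey subclass not updated in this changeset; the three in-tree signers are covered, out-of-tree ones, if any exist, are not.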
trunk/pdns/pdns/pdnssec.cc
r1912 r1913 207 207 cout<<"KSK DNSKEY = "<<zone<<" IN DNSKEY "<< value.first.getDNSKEY().getZoneRepresentation() << endl; 208 208 cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 1).getZoneRepresentation() << endl; 209 cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 2).getZoneRepresentation() << endl << endl; 209 cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 2).getZoneRepresentation() << endl; 210 cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 3).getZoneRepresentation() << endl << endl; 210 211 } 211 212 } -
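Review bot: The added line prints a digest-type-3 (GOST) DS for every KSK unconditionally, so the whole key listing now depends on DNSPrivateKey::make(12) succeeding, which presumably requires the Botan GOST signer to be compiled in; if it is absent the listing would abort — or behave however make() behaves for an unregistered algorithm, which is not visible here — rather than merely omitting one line. Wrapping the digest-3 line in a try/catch that prints nothing (or a one-line notice) when the GOST backend is unavailable keeps the SHA-1 and SHA-256 DS output usable on such builds. The enclosing loop starts before this hunk.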
trunk/pdns/pdns/polarrsakeyinfra.cc
r1909 r1913 3 3 #include <polarssl/sha1.h> 4 4 #include <polarssl/sha2.h> 5 #include <polarssl/sha4.h> 5 6 #include <polarssl/havege.h> 6 7 #include <boost/assign/std/vector.hpp> // for 'operator+=()' … … 16 17 { 17 18 public: 18 RSADNSPrivateKey()19 explicit RSADNSPrivateKey(unsigned int algorithm) : d_algorithm(algorithm) 19 20 { 20 21 memset(&d_context, 0, sizeof(d_context)); … … 37 38 RSADNSPrivateKey(const RSADNSPrivateKey& orig) 38 39 { 40 d_algorithm = orig.d_algorithm; 41 39 42 d_context.ver = orig.d_context.ver; 40 43 d_context.len = orig.d_context.len; … … 51 54 RSADNSPrivateKey& operator=(const RSADNSPrivateKey& orig) 52 55 { 56 d_algorithm = orig.d_algorithm; 57 53 58 d_context.ver = orig.d_context.ver; 54 59 d_context.len = orig.d_context.len; … … 81 86 std::string getPubKeyHash() const; 82 87 std::string sign(const std::string& hash) const; 88 std::string hash(const std::string& hash) const; 83 89 std::string getPublicKeyString() const; 84 90 int getBits() const … … 89 95 void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw); 90 96 91 static DNSPrivateKey* maker(unsigned int )92 { 93 return new RSADNSPrivateKey( );97 static DNSPrivateKey* maker(unsigned int algorithm) 98 { 99 return new RSADNSPrivateKey(algorithm); 94 100 } 95 101 96 102 private: 97 103 rsa_context d_context; 104 unsigned int d_algorithm; 98 105 }; 99 106 … … 159 166 return string((char*) signature, sizeof(signature)); 160 167 } 168 169 std::string RSADNSPrivateKey::hash(const std::string& toHash) const 170 { 171 if(d_algorithm <= 7 ) { // RSASHA1 172 unsigned char hash[20]; 173 sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); 174 return string((char*)hash, sizeof(hash)); 175 } 176 else if(d_algorithm == 8) { // RSASHA256 177 unsigned char hash[32]; 178 sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); 179 return string((char*)hash, sizeof(hash)); 180 } 181 else if(d_algorithm == 10) { // RSASHA512 182 unsigned char hash[64]; 183 sha4((unsigned 
char*)toHash.c_str(), toHash.length(), hash, 0); 184 return string((char*)hash, sizeof(hash)); 185 } 186 throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm)); 187 } 188 161 189 162 190 std::string RSADNSPrivateKey::convertToISC(unsigned int algorithm) const
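Review bot: `if(d_algorithm <= 7)` in RSADNSPrivateKey::hash treats every algorithm number from 0 to 7 as RSASHA1 — including 1 (RSAMD5), 3 (DSA) and 6 (DSA-NSEC3-SHA1), which this RSA class does not implement — so if DNSPrivateKey::make routes any of those numbers here, the data is silently SHA-1 hashed instead of reaching the runtime_error at the end of the function. Make the test explicit: `if(d_algorithm == 5 || d_algorithm == 7) { // RSASHA1, RSASHA1-NSEC3-SHA1`. The same `<= 7` comparison existed in the old dnssecinfra.cc code, but now that the check lives inside the RSA signer next to a throw for unknown algorithms, the tighter match is cheap and keeps the two consistent.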